This article provides a complete reference of all event types recorded in the CloudM Continuity audit log, including what triggers each event, the severity level, and what information is included in the message.
Sync events
These events are generated automatically by the sync engine. The actor is always System.
| Event | Trigger | Severity | Message includes |
|---|---|---|---|
| Sync started | A sync operation begins for a user | Information (or Warning/Error if the sync fails to start) | User name, source email, destination email, data type |
| Sync completed | A sync operation finishes successfully | Information | User name, source email, destination email |
| Sync failed | A sync operation encounters an error | Error | User name, source email, destination email, error details |
Policy events
These events are triggered by admin actions on sync policies. The actor is the admin user who performed the action.
| Event | Trigger | Severity | Message includes |
|---|---|---|---|
| Policy created | An admin creates a new sync policy | Information | Admin email, policy name |
| Policy updated | An admin modifies a policy's settings | Information | Admin email, policy name, summary of changes (e.g. "Frequency changed from Daily to Hourly") |
| Policy deleted | An admin deletes a policy | Information | Admin email, policy name |
User events
These events track admin user management actions. The actor is the admin who performed the action.
| Event | Trigger | Severity | Message includes |
|---|---|---|---|
| User invited | An admin sends an invitation to a new user | Information | Admin email, invitee email |
| User created | An invited user accepts the invitation and creates their account | Information | New user email |
Authentication events
These events record sign-in and sign-out activity. The actor is the user who authenticated.
| Event | Trigger | Severity | Message includes |
|---|---|---|---|
| Logged in | A user signs in to CloudM Continuity | Information | User email, sign-in confirmation |
| Logged out | A user signs out of CloudM Continuity | Information | User email, sign-out confirmation |
Severity levels
Each event is assigned one of three severity levels, shown as a colour-coded badge in the log table:
| Severity | Badge colour | When used |
|---|---|---|
| Information | Blue | Normal, successful operations — applies to most events |
| Warning | Amber | Events that may need attention but are not failures (e.g. a sync that completed with skipped items) |
| Error | Red | Failures that require investigation (e.g. Sync failed, sync failed to start). Error rows are highlighted with a red background. |
Event display format
Each event row in the audit log table shows:
- Actor — a person icon with the user's email address, or a system icon (dark background) with "System" for automated events
- Severity badge — a colour-coded label (Information, Warning, or Error) with a small dot indicator
- Event name — e.g. "Sync completed" or "Policy updated"
- Message — contextual detail such as user emails, policy names, or error information
- Timestamp — when the event occurred
Context types
Each event is associated with a context type, which determines what the event relates to. This is used by the Context Type filter on the logs page.
| Context Type | Associated events |
|---|---|
| Sync User | Sync started, Sync completed, Sync failed |
| Policy | Policy created, Policy updated, Policy deleted |
| User | User invited, User created, Logged in, Logged out |
| Connection | Connection-related events |